diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index e3479e75..6cd00449 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.4.0
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 4.9.0
+version: 4.9.1
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 keywords:
@@ -21,8 +21,4 @@ dependencies:
 condition: redis-ha.enabled
 annotations:
 artifacthub.io/changes: |
- - "[Changed]: Update Argo CD to v2.4.0"
- - "[Added]: Specify logs RBAC enforcement config in server"
- - "[Changed]: Remove ksonnet and helm 2 support from Application and applicationSet CRDs"
- - "[Changed]: Use applicationset binary on the upstream image"
- - "[Changed]: Upgrade redis to 7.0.0"
+ - "[Fixed]: Extend K8s RBAC when using UI exec feature"
diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
index 63e3ee47..caac062e 100644
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@@ -27,4 +27,12 @@ rules:
 - pods/log
 verbs:
 - get
-{{- end }}
\ No newline at end of file
+ {{- if eq (index .Values.server.config "exec.enabled") "true" }}
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index c5043fc1..b5672d4c 100755
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
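Review bot: The new `pods/exec` rule in templates/argocd-server/clusterrole.yaml lives in a ClusterRole, so once `exec.enabled` is "true" the argocd-server service account can presumably create exec sessions in pods of any namespace the role is bound for, leaving Argo CD's own `exec` RBAC policy as the only remaining gate; I would make that visible in the rendered manifest with a comment above the rule such as `# pods/exec is granted cluster-wide when exec.enabled is "true"; restrict the Argo CD exec permission accordingly`. The condition is also type-strict: an unquoted `exec.enabled: true` reaches `eq` as a boolean, which as far as I can tell Go templates reject as an incompatible comparison instead of treating it as false, so `{{- if eq (toString (index .Values.server.config "exec.enabled")) "true" }}` would be more forgiving. The outer `if` closed by the final `{{- end }}` starts outside the hunk, so the conditions under which this ClusterRole is rendered at all are not visible here.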
@@ -1231,6 +1231,10 @@ server: # Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: "false" + # exec.enabled indicates whether the UI exec feature is enabled. It is disabled by default. + # Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource + exec.enabled: "false" + # DEPRECATED: Please instead use configs.credentialTemplates and configs.repositories # repositories: | # - url: git@github.com:group/repo.git
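Review bot: The comment added above `exec.enabled` in values.yaml describes only the UI feature and does not say that "true" also makes the chart add `create` on `pods/exec` to the server ClusterRole (the clusterrole.yaml hunk of this commit). An operator who flips the flag is changing Kubernetes privileges as well as an Argo CD setting, so I would add a line such as `# Setting this to "true" also grants the server ClusterRole create on pods/exec; keep the value a quoted string.` The mapping under `server:` that holds these keys starts outside the hunk.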